{"id":1349,"url":"https://github.com/HackOvert/awesome-bugs","name":"awesome-bugs","description":"A collection of software bug types and articles showcasing the hunt for and exploitation of them.","projects_count":35,"last_synced_at":"2026-06-11T21:00:25.069Z","repository":{"id":45599939,"uuid":"328017529","full_name":"HackOvert/awesome-bugs","owner":"HackOvert","description":"A collection of software bug types and articles showcasing the hunt for and exploitation of them.","archived":false,"fork":false,"pushed_at":"2021-03-02T18:13:32.000Z","size":40,"stargazers_count":20,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-05-26T06:02:56.886Z","etag":null,"topics":["awesome-list","software-bug","vulnerabilities"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HackOvert.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-01-08T21:35:49.000Z","updated_at":"2024-10-30T07:14:30.000Z","dependencies_parsed_at":"2022-09-18T04:52:30.628Z","dependency_job_id":null,"html_url":"https://github.com/HackOvert/awesome-bugs","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/HackOvert/awesome-bugs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackOvert%2Fawesome-bugs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackOvert%2Fawesome-bugs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackOvert%2Fawesome-bugs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/repositories/HackOvert%2Fawesome-bugs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HackOvert","download_url":"https://codeload.github.com/HackOvert/awesome-bugs/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackOvert%2Fawesome-bugs/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34217312,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-11T02:00:06.485Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"created_at":"2024-01-04T17:49:49.909Z","updated_at":"2026-06-11T21:00:25.070Z","primary_language":null,"list_of_lists":false,"displayable":true,"categories":["Command Injection","Double Free","NULL Pointer Dereference","Type Confusion","Unexpected Sign Extension","Use After Free","Use of Externally-Controlled Format String","Write-What-Where"],"sub_categories":[],"readme":"# awesome-bugs\nA collection of software bug types and articles showcasing the hunt for and exploitation of them.\n\n[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)\n\n\n# Bug Types\n* [Command Injection](#command-injection)\n* [Double Free](#double-free)\n* [NULL Pointer Dereference](#null-pointer-dereference)\n* [Type Confusion](#type-confusion)\n* [Unexpected Sign Extension](#unexpected-sign-extension)\n* [Use After 
Free](#use-after-free)\n* [Use of Externally-Controlled Format String](#use-of-externally-controlled-format-string)\n* [Write-What-Where](#write-what-where)\n\n\n## Command Injection\n[CWE-78](https://cwe.mitre.org/data/definitions/78.html): Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\n\n\u003e *\"The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.\"*\n\n| Author(s) | Source | Article |\n| --- | --- | --- |\n| Pedro Ribeiro, Radek Domanski | Zero Day Initiative / Flashback Team | [CVE-2018-8460: Exposing a double free in Internet Explorer for code execution](https://www.thezdi.com/blog/2020/4/6/exploiting-the-tp-link-archer-c7-at-pwn2own-tokyo) - ([YouTube version](https://www.youtube.com/watch?v=zjafMP7EgEA)) |\n| Lucas Tay | Star Labs | [Analysis \u0026 Exploitation of a Recent TP-Link Archer A7 Vulnerability](https://starlabs.sg/blog/2020/10/analysis-exploitation-of-a-recent-tp-link-archer-a7-vulnerability/) |\n| David Yesland | Rhino Security Labs | [Exploiting CVE-2018-1335: Command Injection in Apache Tika](https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/) |\n| Shaun Mirani | Independent Security Evaluators (ISE) | [Show Mi The Vulns: Exploiting Command Injection in Mi Router 3](https://blog.securityevaluators.com/show-mi-the-vulns-exploiting-command-injection-in-mi-router-3-55c6bcb48f09) |\n\n\n## Double Free\n[CWE-415](https://cwe.mitre.org/data/definitions/415.html): Double Free\n\n\u003e *\"The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.\"*\n\n| Author(s) | Source | Article |\n| --- | --- | --- |\n| Simon Zuckerbraun | Zero Day Initiative | [CVE-2018-8460: Exposing a double 
free in Internet Explorer for code execution](https://www.thezdi.com/blog/2018/10/18/cve-2018-8460-exposing-a-double-free-in-internet-explorer-for-code-execution) |\n| Jinwook Shin | Microsoft Security Response Center | [MS13-068: A difficult-to-exploit double free in Outlook](https://msrc-blog.microsoft.com/2013/09/10/ms13-068-a-difficult-to-exploit-double-free-in-outlook/) |\n| Arthur Gerkis | Exodus Intelligence | [Pwn2Own 2019: Microsoft Edge Renderer Exploitation (CVE-2019-0940)](https://blog.exodusintel.com/2019/05/19/pwn2own-2019-microsoft-edge-renderer-exploitation-cve-2019-9999-part-1/) |\n| Andrey Konovalov | Andrey Konovalov's Blog | [CVE-2016-2384: Exploiting a double-free in the USB-MIDI Linux kernel driver](https://xairy.github.io/blog/2016/cve-2016-2384) |\n\n\n## NULL Pointer Dereference\n[CWE-476](https://cwe.mitre.org/data/definitions/476.html): NULL Pointer Dereference\n\n\u003e *\"A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.\"*\n\n| Author(s) | Source | Article |\n| --- | --- | --- |\n| Leeqwind | xiaodaozhi | [Win32k NULL-Pointer-Dereference Analysis by Matching the May Update](https://xiaodaozhi.com/exploit/156.html) |\n| Sam Brown | MWR Labs / F-Secure | [PDF] [Windows Kernel Exploitation 101: Exploiting CVE-2014-4113](https://labs.f-secure.com/assets/BlogFiles/mwri-lab-exploiting-cve-2014-4113.pdf) |\n\n\n## Type Confusion\n[CWE-843](https://cwe.mitre.org/data/definitions/843.html): Access of Resource Using Incompatible Type ('Type Confusion')\n\n\u003e *\"The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.\"*\n\n| Author(s) | Source | Article |\n| --- | --- | --- |\n| Man Yue Mo | GitHub Security Lab| [Ghostscript type confusion: Using variant analysis to find 
vulnerabilities](https://securitylab.github.com/research/ghostscript-type-confusion) |\n| David Wells | Tenable | [Exploiting a Webroot Type Confusion Bug](https://medium.com/tenable-techblog/exploiting-a-webroot-type-confusion-bug-215308145e32) |\n| Natalie Silvanovich | Google Project Zero | [One Perfect Bug: Exploiting Type Confusion in Flash](https://googleprojectzero.blogspot.com/2015/07/one-perfect-bug-exploiting-type_20.html) |\n| The ZDI Research Team | Zero Day Initiative | [CVE-2018-12794: Using Type Confusion to Get Code Execution in Adobe Reader](https://www.thezdi.com/blog/2018/9/18/cve-2018-12794-using-type-confusion-to-get-code-execution-in-adobe-reader) |\n| Microsoft Defender ATP Research Team | Microsoft | [Understanding type confusion vulnerabilities: CVE-2015-0336](https://www.microsoft.com/security/blog/2015/06/17/understanding-type-confusion-vulnerabilities-cve-2015-0336/?source=mmpc) |\n| Mark Dowd, Ryan Smith, David Dewey | Black Hat USA 2009 | [Attacking Interoperability](http://hustlelabs.com/stuff/bh2009_dowd_smith_dewey.pdf) |\n| Max Van Amerongen | F-Secure | [Exploiting CVE-2019-17026 - A Firefox JIT Bug](https://labs.f-secure.com/blog/exploiting-cve-2019-17026-a-firefox-jit-bug/) |\n| Nils Emmerich | ERNW | [Java Buffer Overflow with ByteBuffer (CVE-2020-2803) and Mutable MethodType (CVE-2020-2805) Sandbox Escapes](https://insinuator.net/2020/09/java-buffer-overflow-with-bytebuffer-cve-2020-2803-and-mutable-methodtype-cve-2020-2805-sandbox-escapes/) |\n| Yuki Chen | Qihoo 360 Vulcan Team | [When GC Triggers Callback](https://paper.seebug.org/1032/#case-3-type-confusion-in-jit-engine) |\n\n\n## Unexpected Sign Extension\n[CWE-194](https://cwe.mitre.org/data/definitions/194.html): Unexpected Sign Extension\n\n\u003e *\"The software performs an operation on a number that causes 
it to be sign extended when it is transformed into a larger data type. When the original number is negative, this can produce unexpected values that lead to resultant weaknesses.\"*\n\n| Author(s) | Source | Article |\n| --- | --- | --- |\n| Kim Youngsung | LINE Engineering | [Buffer overflow in PJSIP, a VoIP open source library](https://engineering.linecorp.com/en/blog/buffer-overflow-in-pjsip-a-voip-open-source-library/) |\n\n\n## Use After Free\n[CWE-416](https://cwe.mitre.org/data/definitions/416.html): Use After Free\n\n\u003e *\"Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.\"*\n\n| Author(s) | Source | Article |\n| --- | --- | --- |\n| Abdul-Aziz Hariri | Zero Day Initiative | [Use-After-Silence: Exploiting a Quietly Patched UAF in VMWare](https://www.thezdi.com/blog/2017/6/26/use-after-silence-exploiting-a-quietly-patched-uaf-in-vmware) |\n| Man Yue Mo | GitHub Security Lab | [Exploiting a textbook use-after-free in Chrome](https://securitylab.github.com/research/CVE-2020-6449-exploit-chrome-uaf) |\n\n\n## Use of Externally-Controlled Format String\n[CWE-134](https://cwe.mitre.org/data/definitions/134.html): Use of Externally-Controlled Format String\n\n\u003e *\"The software uses a function that accepts a format string as an argument, but the format string originates from an external source.\"*\n\n| Author(s) | Source | Article |\n| --- | --- | --- |\n| Joe Giron | Gironsec | [Exploit in Skyrim](https://www.gironsec.com/blog/2013/05/exploit-in-skyrim/) |\n\n\n## Write-What-Where\n[CWE-123](https://cwe.mitre.org/data/definitions/123.html): Write-what-where Condition\n\n\u003e *\"Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.\"*\n\n| Author(s) | Source | Article |\n| --- | --- | --- |\n| Simon Zuckerbraun | Zero Day Initiative | [RCE Without Native Code: Exploitation of a Write-What-Where in 
Internet Explorer](https://www.thezdi.com/blog/2019/5/21/rce-without-native-code-exploitation-of-a-write-what-where-in-internet-explorer) |\n| Taha Karim | Confiant | [Internet Explorer CVE-2019–1367 Exploitation — part 2](https://blog.confiant.com/internet-explorer-cve-2019-1367-exploitation-part-2-8143242b5780) |\n| ZecOps Research Team | ZecOps | [Exploiting SMBGhost (CVE-2020-0796) for a Local Privilege Escalation: Writeup + POC](https://blog.zecops.com/vulnerabilities/exploiting-smbghost-cve-2020-0796-for-a-local-privilege-escalation-writeup-and-poc/) |\n","projects_url":"https://awesome.ecosyste.ms/api/v1/lists/hackovert%2Fawesome-bugs/projects"}